CVE-2006-3053

Name of the Vulnerable Software and Affected Versions Phorum versions 5.1.13 and earlier

Description A remote file inclusion issue in common.php allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http path] parameter. However, the vendor disputes this issue, stating that common.php checks if it is being called directly and has done so in all 5.x versions of Phorum.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.